Technologist - The FindLaw Legal Technology Blog

The 6 Most Newsworthy Data Breaches of 2015

It's a bit of a stretch to say that 2015 was the year of the data breach, but data security -- and insecurity -- has been on our minds and our blogs a lot lately. The continued growth of e-commerce, the switch to increasingly digital offices, and the dawn of the Internet of Things have all contributed to the spread of personal, private information. Throw in a few weak security systems and a bit of general incompetence and you've got the perfect recipe for a data breach.

Here are the 2015 data breaches that we think merit the most attention.

1. All of BigLaw

Well, not all, but most. Back in March, Bloomberg revealed that at least 80 percent of the 100 largest law firms have been hacked. Large firms' sensitive data and hefty bank accounts make them particularly attractive targets to hackers. Hackers steal some data for an insider's view into their competitors, according to Bloomberg, while others simply hold it for ransom.

2. Office of Personnel Management

In early July, the Office of Personnel Management announced that it had been hacked -- hard. OPM is essentially the human resources department for the entire federal government and hackers, presumably on behalf of the Chinese government, got information on almost anyone who has worked or applied to work with the federal government, including sensitive security clearance information.

The OPM breach saw hackers steal the personal information of over 22 million people, or almost seven percent of the entire U.S. population. Tack on the FBI and IRS data breaches and 2015 wasn't a good year for federal cybersecurity.

3. Blue Cross Blue Shield

If your security clearance dossier wasn't stolen in the OPM hack, your medical records might have been lost in the Blue Cross Blue Shield data breaches. The Blue Cross Blue Shield data breach, which involved both Premera and CareFirst, compromised the medical and personal information of over 12 million people, the largest breach of patient medical information ever.

4. Ashley Madison

Oh, the poor adulterers of Ashley Madison. We somehow still can't bring ourselves to feel sorry for you.

For those who missed it, Ashley Madison was an online "dating" company for married users looking to have an affair. It was hacked in July by what appeared to be a group of vengeful ex-users. And, unlike other breaches, the stolen information as quickly dumped into the public sphere, revealing to the world all of Ashley Madison's users, including a few big names.

5. VTech Toy Company Hack

The hack of VTech, an electronic toy company, serves as a good reminder that it's not just the data of law firms, federal employees, and cuckolders that can be lost in a breach. In November, VTech's Learning Lodge, where kids can download apps, e-books, and other content, was hacked and its data stolen.

Thankfully, none of the data lost in the breach was personally identifiable information, so there won't be a Russian hacker taking out a mortgage in your daughter's name. At least not yet.

6. CIAChief24@AOL.com Hack

John Brennan, the director of the Central Intelligence Agency, didn't look so intelligent after a teenager hacked his email account. What's worse, it was an AOL account. The man in charge of the nation's spies was using a relic from the first days of the Internet.

But Brennan's hack emphasized just how easy it can be to get personal information. The hacker, part of a group that goes by "Crackas With Attitude," used a simple "social engineering" scam. Masquerading as an employee of Verizon, AOL's parent company, the hacker easily tricked Verizon into turning Brennan's AOL email over to him.

Embarrassing or dangerous or both, this year's data breaches have given us plenty to learn from. Hopefully we'll see less of them in the year ahead.

Related Resources: